Secret Cookies on your computer that you cannot delete

While possible, the potential value of the accumulated data is disputable, and certainly much less valuable that a host of other information about
you, that either exists or is currently being shared...
(1) Windows update history (with your specific personal information)
(2) Credit card and debit card purchase history
(3) Tax returns (used by politicians for targeted mailings!)
(4) DMV records -- which are indeed sold

In the scheme of things, there are more important privacy intrusions that get far less attention.

Hidden inside Ashley Hayes-Beaty's computer, a tiny file helps gather personal details about her, all to be put up for sale for a tenth of a
penny.

The file consists of a single code— 4c812db292272995e5416a323e79bd37—that secretly identifies her as a 26-year-old female in Nashville, Tenn.

The code knows that her favorite movies include "The Princess Bride," "50 First Dates" and "10 Things I Hate About You." It knows she enjoys the "Sex
and the City" series. It knows she browses entertainment news and likes to take quizzes.

"Well, I like to think I have some mystery left to me, but apparently not!" Ms. Hayes-Beaty said when told what that snippet of code reveals about
her. "The profile is eerily correct."

In an interview with WSJ's Alan Murray, WPP CEO Sir Martin Sorrell conceded that advertisers must do better to inform customers about the tracking and
mapping of online behavior. On the U.S. economy, he characterized the last 6-7 months as "America Bites Back" but wonders how long the recovery will
last.

Ms. Hayes-Beaty is being monitored by Lotame Solutions Inc., a New York company that uses sophisticated software called a "beacon" to capture what
people are typing on a website—their comments on movies, say, or their interest in parenting and pregnancy. Lotame packages that data into profiles
about individuals, without determining a person's name, and sells the profiles to companies seeking customers. Ms. Hayes-Beaty's tastes can be sold
wholesale (a batch of movie lovers is $1 per thousand) or customized (26-year-old Southern fans of "50 First Dates").

"We can segment it all the way down to one person," says Eric Porres, Lotame's chief marketing officer.

One of the fastest-growing businesses on the Internet, a Wall Street Journal investigation has found, is the business of spying on Internet
users.

The Journal conducted a comprehensive study that assesses and analyzes the broad array of cookies and other surveillance technology that companies are
deploying on Internet users. It reveals that the tracking of consumers has grown both far more pervasive and far more intrusive than is realized by
all but a handful of people in the vanguard of the industry.

• The study found that the nation's 50 top websites on average installed 64 pieces of tracking technology onto the computers of visitors, usually
with no warning. A dozen sites each installed more than a hundred. The nonprofit Wikipedia installed none.

• Tracking technology is getting smarter and more intrusive. Monitoring used to be limited mainly to "cookie" files that record websites people
visit. But the Journal found new tools that scan in real time what people are doing on a Web page, then instantly assess location, income, shopping
interests and even medical conditions. Some tools surreptitiously re-spawn themselves even after users try to delete them.

A web bug is any one of a number of techniques used to track who is reading a web page or e-mail, when, and from what computer. They can also be
used to see if an e-mail was read or forwarded to someone else, or if a web page was copied to another website. The first web bugs were small
images.

Some e-mails and web pages are not wholly self-contained. They may refer to content on another server, rather than including the content directly.
When an e-mail client or web browser prepares such an e-mail or web page for display, it ordinarily sends a request to the server to send the
additional content.

These requests typically include the IP address of the requesting computer, the time the content was requested, the type of web browser that made the
request, and the existence of cookies previously set by that server. The server can store all of this information, and associate it with a unique
tracking token attached to the content request.

Originally posted by WhizPhiz
You mean the User Agent string, or something else?

The combination of IP address and user agent is indeed rather unique, or at least unique enough.

Additional details are available to JavaScript such as screen-size and installed plug-ins that, when combined, make a very complex and unique
identifier. However, the resulting identifier is a rather large collection of string values, and impractical for identifying users.

Interesting in that it highlights the "big media's" effort to spread fear, uncertainty, and doubt about what "cookies" do and what is being
tracked/retained.

That particular article received a great deal of commentary in tech and advertising circles as something that got many details wrong. And I'd like to
remind everyone that the "Online" version of the WSJ interviewed myself some months back over Jared Laughner's activity here, and from a rather
simple and straightforward interview, got many things wrong and attributed words to me that I never said.

I did actually think it sounded a bit old, but "web bug" is still used. It took me 2 seconds to find an example of it, I opened up Ghostery and it
has two options: "Web Bug Blocking" and "Cookie Protection"...I doubt it would be used in a modern FF add-on that is extremely popular if it were
an obsolete word.

I'm also part of a committee of the Internet Advertising Bureau, and traveling to Washington in May to help educate representatives on what ethical
online advertisers are doing to maintain a high-level of transparency and user privacy.

We're part of this: Network Advertising Initiative, and only use third party ad providers who also are.

I'm also part of a committee of the Internet Advertising Bureau, and traveling to Washington in May to help educate representatives on what ethical
online advertisers are doing to maintain a high-level of transparency and user privacy.

Wow, what more can ATS members ask for. The people I don't trust are the advertising agencies that track me. Quantcast is embedded into so
many websites, what sort of info do they get from me? I understand it's a breach of privacy to attach info such as my name to their collected data,
but can they get my IP? If so, that means they can identify me at every website I go to which has their tracking technology enabled. What about the
cookies Quantcast stores on my PC when I visit ATS? Since I have opted out of tracking cookies I can't see what content they would normally hold, but
there is a cookie called PHPSESSID and it belongs to ads.abovetopsecret.com. It contains a moderately long string of characters, obviously some sort
of session ID. It would be capable of identifying me individually, and seems most likely used for targeted advertisement.

Originally posted by WhizPhiz
Quantcast is embedded into so many websites, what sort of info do they get from me?

Quantcast is one of the most transparent "players" in this broad scenario of online audience
measurement. There are a host of other firms (Axiom, Experian, etc.) "hidden" within major media sites who are much larger, and much less
transparent.

but can they get my IP? If so, that means they can identify me at every website I go to which has their tracking technology enabled.

Even the FTC hasn't considered an IP address as personally identifiable information in this context.

What about the cookies Quantcast stores on my PC when I visit ATS?

Used primarily to measure the kind of audience coming to ATS. It identifies you as a unique user, and on other sites you visit, their system attempts
to "guess" at the type of user you (without personal info) represent.

but there is a cookie called PHPSESSID and it belongs to ads.abovetopsecret.com. It contains a moderately long string of characters, obviously
some sort of session ID. It would be capable of identifying me individually, and seems most likely used for targeted advertisement.

It's an encrypted session identifier, associated with the core functionality of PHP, which we use to prioritize the delivery of ads. No data is
collected or stored.

You've managed to create a mental image inside my brain of an apparatus which is - even though theoretically possible - beyond anything that some US
government agency was able to control and maintain for any extended period of time. I have to admit when starting to add up the numbers and putting it
into context with the practical gain from such an endeavour, it seems unlikely such mechanism is, indeed, in place. That eases my paranoia level from
"exorbitant" to "above critical", I appreciate that : D

Unless of course ...

.. the NSA got their hands on the CPU and foo-matic fluxcompensators of the ET spaceship that crashed on the moons surface, which some guy on the
forums posted about.

But that's a whole new story for a whole new thread, some other time .. maybe .. ^^

Originally posted by H1ght3chHippie
beyond anything that some US government agency was able to control and maintain for any extended period of time.

Just about any speculation on a "grand conspiracy" needs to go through such a mental exercise. Attributing massive levels of superb prowess,
coordination, extreme-technology, high levels of personnel involvement, and beyond cutting-edge expertise to a government that flubs so many things is
often improbable, if not impossible.

OP i thank you for starting this thread,its opened up input from Sceptic that we would have not known..He seems to know what he is saying....I just
found out recently from my dd how they track where you go,and i wondered why i would come to this website and see advertisements from skincare co. i
was just looking at...They were stalking me...lol

Originally posted by Sarene
Not that I don't trust you, but how do I know that this little batch program is not a virus itself?
I am no computer expert so...
Please just give me your word, and once you do please tell me how to run your program lol
I am serious about computer safety as all my personal files are stored on this one computer and this computer is almost always connected to the
internet...

edit: I guess your work is not a virus (as I was posting the above, other posted confirmation)
although, I am still confused as to how to run the batch file (or create it)

edit on 28-3-2011 by Sarene because: saw other posts

I'm not that great at programming, but line 2 "rem :: nuke any existing cookies and subdirectories ::
"
then he proceeds to tell the program what to nuke-which is the macro flash stuff. That's how it looks to me. Still, it is foolhardy to trust anything
from people you do not know. Identity theft has taken on Mafioso proportions, as there are organized groups. Even trustworthy sites can become
infected with embedded HTML right over the page.

Originally posted by H1ght3chHippie
Just let's tie the biggest ISP's in here for a brief second, let's asume most major networks might serve a second purpose, beyond what you use
them for, and let's assume there are algorithms and mechanisms in place...
>snip<
They've been doing that 20 years ago already, you are aware of that I assume ?

Now, that's something very, very different than concerns over what nefariousness might be possible via cookie abuse -- you're referencing "deep
packet inspection," and is a very different animal.

So after monitoring your online behaviour for a couple years, they have the perfect profile about you...

Okay, there's a couple issues here, many are related to misconceptions, but there are concerns.

The most important thing is to visualize the quantity of data, and project forward to the plausibility of such a thing. Imagine a system that would be
able to track and quantify all the various IP address you use, in real-time. Not necessarily impossible, but would require highly-sophisticated
deep-packet inspect by every network you use, engaged in real-time reconciliation and communication back to some central source. Then, consider how
such a system would engage in such real-time reconciliation for every HTTP packet you receive -- just the ATS home page would require more than 100
such packets, many pages use much more. Then imagine the scale of such a thing as it attempts to recognize, reconcile, track, and record every packet
received by every person using the web in the United States for just one day. We're talking about dozens of petabytes of data being categorized and
exchanged in just one day.

And if you want to scale that even further, consider the amount of data resulting from a month, a year, or several years.

And then, imagine how an inept "government" who is unable to keep an Army Private from stealing secure government communications could create and
manage such an unimaginably massive and sophisticate system.

Such a system would require massive bandwidth and more than 50 billion terabytes of
data storage for 10 years worth of information. Why... the hard drive maintenance alone would keep an army of IT geeks running in circles.

That level of intelligence as a result of wide-spread deep-packet inspection has received a lot of speculation, but it's not plausible to believe an
inept government who can't keep their law enforcement agencies up to speed with computer technology that is less than five years old can pull it
off.

However, that's not to say that some level of data reconciliation and inspection isn't going on... we know it is, but just not on the grand scale
that would be required above.

Based on the tidbits we know, there are three strategies being used:

(1) Deep packet inspection of certain protocols (such as HTTP post and SMTP) for important keywords, phrases, or destinations.

(2) Monitoring of interconnected communications (using #1 at times) on certain subjects, some of which may be "seeded" by provocateurs or purposeful
release of low-level semi-classified information.

(3) Deep packet inspection and monitoring of specific computers that have been identified as a result of #1 and #2.

This is not only much more plausible, but also much more likely to result in a manageable amount of data on which law-enforcement action can be taken.

And on a side note, there's not really a difference between a single webserver and a server farm in terms of transfering data through whatever
backbone or WAN link to other domains

Except when you start considering the massive scale of the amount of data you originally proposed. Even in our little cluster for ATS, we often flirt
with the upper limits of a 10GB network connection between our database server and web server during spikes of high traffic, and that's just for the
posts and threads on ATS.

But all this is not impossible.
Altough I do not know all that much about computers, I think that we (all the others around the world) serve as server farms and maybe without even
knowing it. For example take torrent sites which use all the computers that have downloaded something. They are automatically placed in some kind of
cloud or cluster, from which when somebody else wants to download something, ( that you also have) the site server automatically puts you into the
system to share it.
I also read an article on yahoo quite a long time ago about someone that was caught for pedofilism because some pedofile somehow got into his hard
disk and stored it there. The person who was "framed" didnt know a thing about it, and I think, if I can remember correctly, they eventually found
him innocent.

So knowing this, I don't see how it would need so many people for maintainance. We are all our own maintainace people for our own computers, plus we
provide all the hard disk space for them.
Maybe I'm wrong somewhere or everywhere here, but it's just an assumption.
Personally I dont care that much if cookies are stored in my computer or not, just as long as they dont slow me down or crowd my system.

I would like to say that you have a nice site here, and I stayed because so far I have not seen any discrimination to what is written here. I dont
like chounta characteristics in anything (even cookies). I also find it invasive.
As I read earlier in the thread, this topic was moved to the hoax topics which I find a little annoying, because it shows fear of something, or hiding
something, apart of the fact that you may be hurting someone else of his credability. So in my opinion, you as the owner should have written and
through your statements disproved what was written in this thread, just like any other topic in here. Its the only free speach thng to do.
Sorrry if I sounded kind of harsh in any way, and I did not write this to offend anyone.

The Above Top Secret Web site is a wholly owned social content community of The Above Network, LLC.

This content community relies on user-generated content from our member contributors. The opinions of our members are not those of site ownership who maintains strict editorial agnosticism and simply provides a collaborative venue for free expression.